> On 8/9/2007, Michael Parker ([EMAIL PROTECTED]) wrote:
> > I've started using the sanesecurity clam signatures - as discussed
on
> > this list a few weeks back - and they are excellent. Really easy to
> > set up and do a great job.
> >
> > My problem, as a back lash of this though, is that I'm ge
On 8/9/2007, Michael Parker ([EMAIL PROTECTED]) wrote:
> I've started using the sanesecurity clam signatures - as discussed on
> this list a few weeks back - and they are excellent. Really easy to
> set up and do a great job.
>
> My problem, as a back lash of this though, is that I'm getting
> bo
> Date: Thu, 9 Aug 2007 12:10:49 +0200
> From: "GrayHat" <[EMAIL PROTECTED]>
> Subject: [Assp-user] PDF spam
>
> a temporary solution may be changing the
> level 2 attachment to include "pdf" and setting the
> external level to 2 and the whitelisted
GrayHat <[EMAIL PROTECTED]> schreibt:
>I wonder how do you handle that; lately there's
>a whole lot of such spam around and it isn't easy
>to stop; a temporary solution may be changing the
>level 2 attachment to include "pdf" and setting the
>external level to 2 and the whitelisted to 1, this will
I wonder how do you handle that; lately there's
a whole lot of such spam around and it isn't easy
to stop; a temporary solution may be changing the
level 2 attachment to include "pdf" and setting the
external level to 2 and the whitelisted to 1, this will
stop PDF mails from "unknown" senders but t
LOL!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeroen van
Aart
Sent: Thursday, August 02, 2007 8:32 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] PDF SPAM
Dickson, Paul wrote:
> I tend to think t
Jeroen van Aart wrote:
> I suggest that employing a large workforce of human beings, scanning
> each email, is the most effective anti spam solution. Maybe this is a
> good business set up for a new startup? I have never failed to identify
> spam, neither had any false positives.
I suggest an a
Dickson, Paul wrote:
> I tend to think that would be detrimental to the server load, and way
> overkill. Not to mention, email is a broad enough target as it is to
> classify correctly.. I can't imagine trying to intelligently classify
> something with exponentially greater variances.
I suggest
>Since it's a streaming check, I don't think it
>would have to read the whole file attachment in order to know it's a
>virus, spam or whatever, since it's just looking for known signatures.
>Correct me if I'm wrong.
ASSP passes AVBYTES to clamd.
's db??
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dickson,
Paul
Sent: Thursday, August 02, 2007 8:13 AM
To: Matti Haack; Questions and Answers for users of ASSP Anti-Spam SMTP
Proxy
Subject: Re: [Assp-user] PDF SPAM
I tend to think that would be detrimen
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matti
Haack
Sent: Thursday, August 02, 2007 5:53 AM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] PDF SPAM
> If it had to stop and save each message to disk, extract the pdf,
> analyze it, t
Hill, Brett wrote:
>> But I think the virusscanning just do this: scan the whole message
> and them forward it. So why not handle an "Atachment content
> scan" like virusscanning? Maybe we can use the same data passed to clamd
> and do a content scan.
>
> Doesn't Virus Scanning only sca
> But I think the virusscanning just do this: scan the whole message
and them forward it. So why not handle an "Atachment content
scan" like virusscanning? Maybe we can use the same data passed to clamd
and do a content scan.
Doesn't Virus Scanning only scan the first ?% of a file (not
Matti Haack wrote:
>> If it had to stop and save each message to disk, extract the pdf,
>> analyze it, then deliver it if it passes.it would just be slower
>> than a snail stuck in molasses in the arctic, and it would'nt work.
> But I think the virusscanning just do this: scan the whole mes
> If it had to stop and save each message to disk, extract the pdf,
> analyze it, then deliver it if it passes.it would just be slower
> than a snail stuck in molasses in the arctic, and it would'nt work.
But I think the virusscanning just do this: scan the whole message and them
forward i
Micheal Espinola Jr wrote:
> Doug Lytle wrote:
>> I'm seeing a large number of those PDF spams now coming across zipped.
>
> There is a new rash of PDF spams going around that are (AFAIK)
> incomplete attachments. i.e., they attachment is there, but the
> messages are missing the header informati
Matti Haack wrote:
> Would it be possible to use File::Extract::PDF to analyze pdf
> attachments with the basian and bombre filters?
>
> Additionatly there are more File::Extract filters which could be
> usefull:
> http://cpan.uwinnipeg.ca/htdocs/File-Extract/
ASSP doesn't deal wit
Would it be possible to use File::Extract::PDF to analyze pdf
attachments with the basian and bombre filters?
Additionatly there are more File::Extract filters which could be
usefull:
http://cpan.uwinnipeg.ca/htdocs/File-Extract/
Matti
> Doug Lytle wrote:
>> I'm seeing a large num
Doug Lytle wrote:
> I'm seeing a large number of those PDF spams now coming across zipped.
There is a new rash of PDF spams going around that are (AFAIK)
incomplete attachments. i.e., they attachment is there, but the
messages are missing the header information pointing to the attachment.
And as
>"Those who would give up Essential Liberty to purchase a little
>Temporary Safety, deserve neither Liberty nor Safety."
agreed.
fritz
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to f
Interesting,
I'm seeing a large number of those PDF spams now coming across zipped.
SaneSecurity is still picking them off though.
Doug
--
Ben Franklin quote:
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety."
-
21 matches
Mail list logo
